public/new-rbacReport.ps1
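Function new-rbacReport {
    <#
    .SYNOPSIS
        Builds a role-versus-right matrix from one of the RBAC templates and
        shows it on the console and/or writes it to a file.

    .DESCRIPTION
        For the selected template, every default right and every auxiliary
        group referenced by a default role becomes one row. Each default role
        becomes one column, marked "X" where the role holds that right or is
        a member of that auxiliary group.

    .PARAMETER Report
        Which template to report on: Global, Org or Component.

    .PARAMETER displayformat
        Console rendering: JSON, Table or AsRaw (the objects themselves).
        Defaults to "table".

    .PARAMETER format
        File format for the written report: JSON, CSV or CliXML. Supplying it
        selects the 'file' parameter set and causes a file to be written.

    .PARAMETER path
        Directory the report file is written to. Defaults to the current
        user's Documents folder.

    .PARAMETER Quiet
        Suppresses the console rendering; the file is still written.

    .NOTES
        The report lists which roles hold which rights. The file is created
        with whatever permissions the destination directory grants, so point
        -path at a location whose access matches the sensitivity of that data.

        NOTE(review): Description text is exported to CSV unmodified. If
        template descriptions can ever carry externally supplied text,
        confirm how the CSV is consumed before opening it in a spreadsheet.
    #>
    [CmdletBinding(DefaultParameterSetName='console')]
    Param (
        [Parameter(parametersetname='console',Mandatory, ValueFromPipelineByPropertyName, ValueFromPipeline)]
        [Parameter(parametersetname='file',Mandatory, ValueFromPipelineByPropertyName, ValueFromPipeline)]
        [ArgumentCompleter( { @("Global","Org","Component") } )]
        [ValidateScript( { $_ -in @("Global","Org","Component") } )]
        [String]$Report,

        [Parameter(parametersetname='console',ValueFromPipelineByPropertyName, ValueFromPipeline)]
        [Parameter(parametersetname='file',ValueFromPipelineByPropertyName, ValueFromPipeline)]
        [ArgumentCompleter( { @("JSON","Table","AsRaw") } )]
        [ValidateScript( { $_ -in @("JSON","Table","AsRaw") } )]
        [String]$displayformat = "table",

        [Parameter(parametersetname='file',Mandatory, ValueFromPipelineByPropertyName, ValueFromPipeline)]
        [ArgumentCompleter( { @("JSON","CSV","CliXML") } )]
        [ValidateScript( { $_ -in @("JSON","CSV","CliXML") } )]
        [String]$format,

        [Parameter(parametersetname='file',ValueFromPipelineByPropertyName, ValueFromPipeline)]
        [String]$path = "$HOME\Documents\",

        [Parameter(parametersetname='file',ValueFromPipelineByPropertyName, ValueFromPipeline)]
        [Switch]$Quiet
    )

    Begin {
        # The three template variables are defined outside this function
        # (presumably at module scope - confirm against the module loader).
        $TemplateMap = @{
            Global    = $GlobalTemplate
            Org       = $OrgTemplate
            Component = $ComponentTemplate
        }
    }

    Process {
        $Template = $TemplateMap[$Report]

        # A missing template would otherwise yield an empty report, which a
        # reader could mistake for "no role holds any right". Fail visibly.
        if ($null -eq $Template) {
            Write-Error -Message ("No RBAC template is loaded for report type '{0}'; no report was produced." -f $Report)
            return
        }

        $RightsList = [hashtable]::new()

        # Create the default report line chart to be reused by each right
        $reportLine = [Ordered]@{"RightName" = ""}
        foreach ($role in $Template.DefaultRoles) {
            $reportLine[$role.nameSuffix] = ""
            foreach ($aux in $role.AuxiliaryGroups) {
                # Add "rights" that don't appear in the rights list
                $RightsList[$aux] = @{
                    Type        = "Auxiliary"
                    Name        = $aux
                    Displayname = $aux
                    Description = "Well known group"
                }
            }
        }

        foreach ($right in $Template.DefaultRights) {
            $RightsList[$right] = @{
                DisplayName = "...$($right.NameSuffix)"
                Type        = "Right"
                Name        = $right.NameSuffix
                Description = $Right.description
            }
        }

        # One output object per right / auxiliary group. $reportLine is reused
        # and fully overwritten on every pass; the [PSCustomObject] cast takes
        # a snapshot of its current values.
        $RightsChart = foreach ($right in $RightsList.GetEnumerator()) {
            $reportLine["RightName"] = $right.Value.DisplayName
            $reportLine["Description"] = $right.Value.Description
            foreach ($role in $Template.DefaultRoles) {
                $HasRight = $false
                if ($right.Value.type -eq "Right") {
                    $HasRight = $role.rights -contains $right.Value.name
                }
                elseif ($right.Value.type -eq "Auxiliary" -and $role.AuxiliaryGroups) {
                    $HasRight = $role.auxiliaryGroups -contains $right.Value.name
                }

                if ($HasRight) {
                    $reportLine[$role.nameSuffix] = "X"
                }
                else {
                    $reportLine[$role.nameSuffix] = ""
                }
            }
            [PSCustomObject]$reportLine
        }
        $RightsChart = $RightsChart | sort-object rightName

        if (-not $quiet) {
            switch ($displayformat) {
                "JSON"  { $RightsChart | convertTo-JSON }
                "Table" { $RightsChart | format-table -autosize }
                "AsRaw" { $RightsChart }
            }
        }

        if ($format) {
            $dateStamp = Get-Date -format FileDateTime
            # Path.Combine copes with a trailing separator on $path (the
            # default has one) and uses the platform's directory separator.
            $filePath = [System.IO.Path]::Combine($path, "RBAC-$Report-$dateStamp.$format")
            write-host ("Writing report: {0,-10} as {1,-5} to {2}" -f $report, $format, $filepath)
            try {
                # -ErrorAction Stop turns non-terminating write errors into
                # terminating ones so the catch block below actually runs.
                switch ($format) {
                    "CliXML" { $RightsChart | Export-Clixml -path $filePath -ErrorAction Stop }
                    "CSV"    { $RightsChart | export-csv -path $filePath -ErrorAction Stop }
                    "JSON"   { $RightsChart | convertTo-JSON -ErrorAction Stop | out-file $filePath -ErrorAction Stop }
                }
            }
            Catch {
                write-warning $_.exception.getType().fullname
                write-loghandler -level "warning" -message ("Failed to write report: {0,-10} as {1,-5} to {2}" -f $report, $format, $filepath)
                throw $_
            }
        }
    }
}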